Bump semver #14

dependabot · 2023-07-11T17:58:25Z

Bumps and semver. These dependencies needed to be updated together.
Updates semver from 5.5.1 to 5.7.2

Release notes

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

5.7

Add minVersion method

5.6

Move boolean loose param to an options object, with backwards-compatibility protection.

Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

Add version coercion capabilities

5.4

Add intersection checking

5.3

Add minSatisfying method

5.2

Add prerelease(v) that returns prerelease components

5.1

Add Backus-Naur for ranges

Remove excessively cute inspection methods

5.0

Remove AMD/Browserified build artifacts

Fix ltr and gtr when using the * range

Fix for range * with a prerelease identifier

Commits

f8cc313 chore: release 5.7.2
2f8fd41 fix: better handling of whitespace (#585)
deb5ad5 chore: @npmcli/template-oss@4.16.0
c83c18c 5.7.1
956e228 Correct typo in README
8055dda 5.7.0
604e73d auto-publishing scripts
bed01e2 remove the nomin comments, since we don't minify any more anyway
9cb68f1 document parse method
38d42ca 5.7 changelog
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates semver from 5.5.0 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

5.7

Add minVersion method

5.6

Move boolean loose param to an options object, with backwards-compatibility protection.

Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

Add version coercion capabilities

5.4

Add intersection checking

5.3

Add minSatisfying method

5.2

Add prerelease(v) that returns prerelease components

5.1

Add Backus-Naur for ranges

Remove excessively cute inspection methods

5.0

Remove AMD/Browserified build artifacts

Fix ltr and gtr when using the * range

Fix for range * with a prerelease identifier

Commits

f8cc313 chore: release 5.7.2
2f8fd41 fix: better handling of whitespace (#585)
deb5ad5 chore: @npmcli/template-oss@4.16.0
c83c18c 5.7.1
956e228 Correct typo in README
8055dda 5.7.0
604e73d auto-publishing scripts
bed01e2 remove the nomin comments, since we don't minify any more anyway
9cb68f1 document parse method
38d42ca 5.7 changelog
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps and [semver](https://github.com/npm/node-semver). These dependencies needed to be updated together. Updates `semver` from 5.5.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.5.1...v5.7.2) Updates `semver` from 5.5.0 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.5.1...v5.7.2) --- updated-dependencies: - dependency-name: semver dependency-type: indirect - dependency-name: semver dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

prisma-cloud-devsecops

Prisma Cloud has found errors in this PR ⬇️

prisma-cloud-devsecops · 2023-07-11T17:59:24Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


undefsafe 2.0.2 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 1 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2019-10795 MEDIUM 6.3 2.0.3 Open

prisma-cloud-devsecops · 2023-07-11T17:59:25Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


ansi-regex 3.0.0 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2021-3807 HIGH 7.5 4.1.1 Open

prisma-cloud-devsecops · 2023-07-11T17:59:25Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


tough-cookie 2.4.3 / package-lock.json

Total vulnerabilities: 1

Critical: 1 High: 0 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2023-26136 CRITICAL 9.8 4.1.3 Open

prisma-cloud-devsecops · 2023-07-11T17:59:25Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


unset-value 1.0.0 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

PRISMA-2022-0049 HIGH 7.5 2.0.1 Open

prisma-cloud-devsecops · 2023-07-11T17:59:25Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


set-value 0.4.3 / package-lock.json

Total vulnerabilities: 2

Critical: 2 High: 0 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2021-23440 CRITICAL 9.8 2.0.1 Open

CVE-2019-10747 CRITICAL 9.8 2.0.1 Open

prisma-cloud-devsecops · 2023-07-11T17:59:30Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


bson 1.0.9 / package-lock.json

Total vulnerabilities: 2

Critical: 1 High: 0 Medium: 1 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2020-7610 CRITICAL 9.8 1.1.4 Open

CVE-2019-2391 MEDIUM 4 1.1.4 Open

prisma-cloud-devsecops · 2023-07-11T17:59:30Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


apollo-server-core 2.1.0 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 1 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

GHSA-w42g-7vfc-xf37 MEDIUM 4 2.14.2 Open

prisma-cloud-devsecops · 2023-07-11T17:59:30Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


ajv 5.5.2 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 1 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2020-15366 MEDIUM 4 6.12.3 Open

prisma-cloud-devsecops · 2023-07-11T17:59:31Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


qs 6.5.2 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2022-24999 HIGH 7.5 6.10.3 Open

prisma-cloud-devsecops · 2023-07-11T17:59:31Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


apollo-server-express 2.1.0 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 1 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

GHSA-w42g-7vfc-xf37 MEDIUM 4 2.14.2 Open

prisma-cloud-devsecops · 2023-07-11T17:59:37Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


undefsafe 2.0.2 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 1 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2019-10795 MEDIUM 6.3 2.0.3 Open

prisma-cloud-devsecops · 2023-07-11T17:59:39Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


ansi-regex 3.0.0 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2021-3807 HIGH 7.5 4.1.1 Open

prisma-cloud-devsecops · 2023-07-11T17:59:40Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


tough-cookie 2.4.3 / package-lock.json

Total vulnerabilities: 1

Critical: 1 High: 0 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2023-26136 CRITICAL 9.8 4.1.3 Open

prisma-cloud-devsecops · 2023-07-11T17:59:41Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


unset-value 1.0.0 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

PRISMA-2022-0049 HIGH 7.5 2.0.1 Open

prisma-cloud-devsecops · 2023-07-11T17:59:42Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


set-value 0.4.3 / package-lock.json

Total vulnerabilities: 2

Critical: 2 High: 0 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2021-23440 CRITICAL 9.8 2.0.1 Open

CVE-2019-10747 CRITICAL 9.8 2.0.1 Open

prisma-cloud-devsecops · 2023-07-11T17:59:43Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


protobufjs 6.8.8 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2022-25878 HIGH 7.5 6.11.3 Open

prisma-cloud-devsecops · 2023-07-11T17:59:44Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


mquery 3.2.0 / package-lock.json

Total vulnerabilities: 2

Critical: 0 High: 1 Medium: 1 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

PRISMA-2021-0060 HIGH - 3.2.5 Open

CVE-2020-35149 MEDIUM 5.3 3.2.3 Open

prisma-cloud-devsecops · 2023-07-11T17:59:45Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


mpath 0.5.1 / package-lock.json

Total vulnerabilities: 1

Critical: 1 High: 0 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2021-23438 CRITICAL 9.8 0.8.4 Open

prisma-cloud-devsecops · 2023-07-11T17:59:47Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


node-fetch 2.2.0 / package-lock.json

Total vulnerabilities: 2

Critical: 0 High: 0 Medium: 2 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2022-0235 MEDIUM 6.1 2.6.7 Open

CVE-2020-15168 MEDIUM 5.3 2.6.1 Open

prisma-cloud-devsecops · 2023-07-11T17:59:48Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


qs 6.5.1 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2022-24999 HIGH 7.5 6.10.3 Open

prisma-cloud-devsecops · 2023-07-11T17:59:50Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


mixin-deep 1.3.1 / package-lock.json

Total vulnerabilities: 1

Critical: 1 High: 0 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2019-10746 CRITICAL 9.8 1.3.2 Open

prisma-cloud-devsecops · 2023-07-11T17:59:51Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


bson 1.1.0 / package-lock.json

Total vulnerabilities: 2

Critical: 1 High: 0 Medium: 1 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2020-7610 CRITICAL 9.8 1.1.4 Open

CVE-2019-2391 MEDIUM 4 1.1.4 Open

prisma-cloud-devsecops · 2023-07-11T17:59:52Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


mongodb 3.1.4 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

GHSA-mh5c-679w-hh4r HIGH 7 3.1.13 Open

prisma-cloud-devsecops · 2023-07-11T17:59:53Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


object-path 0.11.4 / package-lock.json

Total vulnerabilities: 3

Critical: 1 High: 2 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2020-15256 CRITICAL 9.8 0.11.5 Open

CVE-2021-3805 HIGH 7.5 0.11.8 Open

CVE-2021-23434 HIGH 8.6 0.11.6 Open

prisma-cloud-devsecops · 2023-07-11T17:59:54Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


set-value 2.0.0 / package-lock.json

Total vulnerabilities: 2

Critical: 2 High: 0 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2021-23440 CRITICAL 9.8 2.0.1 Open

CVE-2019-10747 CRITICAL 9.8 2.0.1 Open

prisma-cloud-devsecops · 2023-07-11T17:59:56Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


mongoose 5.2.14 / package-lock.json

Total vulnerabilities: 3

Critical: 2 High: 1 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2022-2564 CRITICAL 9.8 6.4.6 Open

CVE-2019-17426 CRITICAL 9.1 - Open

PRISMA-2021-0067 HIGH - 5.12.2 Open

prisma-cloud-devsecops · 2023-07-11T17:59:57Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


glob-parent 3.1.0 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2020-28469 HIGH 7.5 5.1.2 Open

prisma-cloud-devsecops · 2023-07-11T17:59:58Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


semver 5.5.1 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2022-25883 HIGH 7.5 7.5.2 Open

prisma-cloud-devsecops · 2023-07-11T17:59:59Z

package-lock.json

@@ -1559,7 +1559,7 @@
    },
    "chalk": {
      "version": "1.1.3",
-      "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",


request 2.88.0 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 1 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2023-28155 MEDIUM 6.1 - Open

dependabot bot added the dependencies Pull requests that update a dependency file label Jul 11, 2023

prisma-cloud-devsecops bot reviewed Jul 11, 2023

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump semver #14

Bump semver #14

dependabot bot commented on behalf of github Jul 11, 2023

prisma-cloud-devsecops bot left a comment

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

prisma-cloud-devsecops bot Jul 11, 2023

Vulnerability ID	Severity	CVSS	Fixed in	Status
CVE-2021-23440	CRITICAL	9.8	`2.0.1`	Open
CVE-2019-10747	CRITICAL	9.8	`2.0.1`	Open

Vulnerability ID	Severity	CVSS	Fixed in	Status
CVE-2020-7610	CRITICAL	9.8	`1.1.4`	Open
CVE-2019-2391	MEDIUM	4	`1.1.4`	Open

Vulnerability ID	Severity	CVSS	Fixed in	Status
PRISMA-2021-0060	HIGH	-	`3.2.5`	Open
CVE-2020-35149	MEDIUM	5.3	`3.2.3`	Open

Vulnerability ID	Severity	CVSS	Fixed in	Status
CVE-2022-0235	MEDIUM	6.1	`2.6.7`	Open
CVE-2020-15168	MEDIUM	5.3	`2.6.1`	Open

Vulnerability ID	Severity	CVSS	Fixed in	Status
CVE-2020-15256	CRITICAL	9.8	`0.11.5`	Open
CVE-2021-3805	HIGH	7.5	`0.11.8`	Open
CVE-2021-23434	HIGH	8.6	`0.11.6`	Open

Vulnerability ID	Severity	CVSS	Fixed in	Status
CVE-2022-2564	CRITICAL	9.8	`6.4.6`	Open
CVE-2019-17426	CRITICAL	9.1	`-`	Open
PRISMA-2021-0067	HIGH	-	`5.12.2`	Open

Bump semver #14

Are you sure you want to change the base?

Bump semver #14

Conversation

dependabot bot commented on behalf of github Jul 11, 2023

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

5.7.2 (2023-07-10)

Bug Fixes

5.7

5.6

5.5

5.4

5.3

5.2

5.1

5.0

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

5.7.2 (2023-07-10)

Bug Fixes

5.7

5.6

5.5

5.4

5.3

5.2

5.1

5.0

prisma-cloud-devsecops bot left a comment

Choose a reason for hiding this comment

prisma-cloud-devsecops bot Jul 11, 2023

Choose a reason for hiding this comment

undefsafe 2.0.2 / package-lock.json

Total vulnerabilities: 1

prisma-cloud-devsecops bot Jul 11, 2023

Choose a reason for hiding this comment

ansi-regex 3.0.0 / package-lock.json

Total vulnerabilities: 1

prisma-cloud-devsecops bot Jul 11, 2023

Choose a reason for hiding this comment

tough-cookie 2.4.3 / package-lock.json

Total vulnerabilities: 1

prisma-cloud-devsecops bot Jul 11, 2023

Choose a reason for hiding this comment

unset-value 1.0.0 / package-lock.json

Total vulnerabilities: 1

prisma-cloud-devsecops bot Jul 11, 2023

Choose a reason for hiding this comment

set-value 0.4.3 / package-lock.json

Total vulnerabilities: 2

prisma-cloud-devsecops bot Jul 11, 2023

Choose a reason for hiding this comment

bson 1.0.9 / package-lock.json

Total vulnerabilities: 2

prisma-cloud-devsecops bot Jul 11, 2023

Choose a reason for hiding this comment

apollo-server-core 2.1.0 / package-lock.json

Total vulnerabilities: 1

prisma-cloud-devsecops bot Jul 11, 2023

Choose a reason for hiding this comment

ajv 5.5.2 / package-lock.json

Total vulnerabilities: 1

prisma-cloud-devsecops bot Jul 11, 2023

Choose a reason for hiding this comment

qs 6.5.2 / package-lock.json

Total vulnerabilities: 1

prisma-cloud-devsecops bot Jul 11, 2023

Choose a reason for hiding this comment

apollo-server-express 2.1.0 / package-lock.json

Total vulnerabilities: 1

prisma-cloud-devsecops bot Jul 11, 2023

Choose a reason for hiding this comment

undefsafe 2.0.2 / package-lock.json

Total vulnerabilities: 1

prisma-cloud-devsecops bot Jul 11, 2023

Choose a reason for hiding this comment

ansi-regex 3.0.0 / package-lock.json